Lucene search

7 matches found

Github Security Blog
added 2026/04/24 8:39 p.m., 4 views

Kirby is vulnerable to authorization bypass during page, file and user creation via blueprint injection

TL;DR This vulnerability affects all Kirby sites where users of a particular role have no permission to create pages, files or users (pages.create, files.create or users.create permission is disabled). This can be due to configuration in the user blueprints, via options in the model blueprints or v...

CVSS 8.8 | AI score 5.3 | EPSS 0.00041
Exploits 0 | References 5 | Affected software 1
CVE
added 2026/04/24 12:38 a.m., 14 views

CVE-2026-41325

Kirby exposes an authorization bypass vulnerability during creation of pages, files and users via dynamic blueprint injection. Prior to versions 4.9.0 and 5.4.0, an attacker could inject custom blueprint options (e.g., 'create' => true) into the model data, overriding permissions defined in us...

CVSS 8.8 | AI score 5.6 | EPSS 0.00041
Exploits 0 | References 3 | Affected software 1
Cvelist
added 2024/01/23 1:54 p.m., 7 views

CVE-2023-49783 No permission checks for editing/deleting records with CSV import form

Silverstripe Admin provides a basic management interface for the Silverstripe Framework. In versions on the 1.x branch prior to 1.13.19 and on the 2.x branch prior to 2.1.8, users who don't have edit or delete permissions for records exposed in a ModelAdmin can still edit or delete records using...

CVSS 4.3 | AI score 4.8 | EPSS 0.00146
Exploits 0 | References 2
RedhatCVE
added 2022/03/18 4:17 p.m., 60 views

CVE-2022-27196

Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of jobs in the favorite column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure or Item/Create permissions...

CVSS 5.4 | AI score 2.7 | EPSS 0.00137
Exploits 0 | References 4
ATTACKERKB
added 2022/02/11 6:15 p.m., 2 views

CVE-2022-23707

An XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permissions to create index patterns can inject malicious JavaScript into the index pattern which could execute against other users...

CVSS 5.4 | AI score 6.1 | EPSS 0.00262
Exploits 0 | References 2 | Affected software 1
RedhatCVE
added 2022/01/25 2:21 p.m., 29 views

CVE-2022-21701

Istio is an open platform to connect, manage, and secure microservices. In versions 1.12.0 and 1.12.1 Istio is vulnerable to a privilege escalation attack. Users who have CREATE permission for gateways.gateway.networking.k8s.io objects can escalate this privilege to create other resources that th...

CVSS 8.8 | AI score 2.9 | EPSS 0.00225
Exploits 0 | References 3
IBM Security Bulletins
added 2020/07/24 10:19 p.m., 24 views

Security Bulletin: IBM Sterling Connect:Direct for UNIX default file create permissions could expose sensitive information to a local user (CVE-2016-0380).

Summary By default, when it receives a new data file, IBM Sterling Connect:Direct for UNIX creates the file with permissions 664. These permissions, which give all local users read access to the file, may not be appropriate when Connect:Direct is used to receive sensitive information...

CVSS 3.3 | AI score 0.7 | EPSS 0.00041
Exploits 0 | Affected software 1